Chapter 2: Introducing Ethereal: Network Protocol Analyzer

Introduction

You probably picked up this book because you have already heard about Ethereal and its feature-rich graphical user interface (GUI). Maybe you read about it on the Internet, overheard a coworker talking about it, or heard about it at a security conference. However, if you are looking for a comprehensive guide to get you started and unleash the powers of Ethereal, you’ve come to the right place.

Ethereal is undoubtedly the best open source network analyzer available. And, the best part is: it’s free! It is packed with features that are comparable to a commercial network analyzer, and with a large and diverse collection of authors, new enhancements are made everyday. Technically, the code is still considered beta, so there are still bugs. However, once these bugs are reported to the development team, they are quickly resolved. Because Ethereal is actively maintained, new releases tend to come out every few months, but we will be focusing on Ethereal version 0.10.0, since that is the current release at the time of writing this book. Ethereal version 0.10.0 contains many performance enhancements, especially when working with capture files. Several user interface enhancements have also been made, including the application menus, help windows, and capture progress window bar graphs. The source tar files and Linux RPMs have been replaced with version 0.10.0a due to some help file packaging issues.

In this chapter, you’ll get an understanding of what Ethereal is, what its features are, and how to use it on your network architecture for troubleshooting. Additionally, you’ll learn about the history of Ethereal, how it came to be such a popular network analyzer, and why it remains a top pick for administrators.